About the Management Center REST API

The management center REST API provides a lightweight API to manage a management center.

About the Management Center REST API

With the release of management center REST API, you now have light-weight, easy-to-use option for managing threat defense and legacy devices through a management center.

The REST API is an application programming interface (API), based on “RESTful” principles, which you can quickly enable on any management center running version 6.1 or higher, and use with a REST client.

After installing a REST client, you can contact the specific management center's REST agent and use standard HTTP methods to access current configuration information, and issue additional configuration parameters.

Whats New in 7.1

The following new features and functionality were added in version 7.1.

  • Added error
    401 Invalid Session
  • Added error
    429 Too Many Writes
  • Removed biased terminology from field names and descriptions

  • Added the following new sections in API Explorer:

    Troubleshoot

    Network Map

    Chassis

New API endpoints and Methods

Table 1. New Endpoints: these are new endpoints and methods.

Name

Methods

URL

Troubleshoot

Packet Tracer Files

DELETE, DELETE by ID

/api/fmc_troubleshoot/v1/domain/{domainUUID}/packettracer/files/

Network Map

Netmap Hosts

GET, GET by ID, POST, DELETE

/api/fmc_netmap/v1/domain/{domainUUID}/hosts/{objectId}

Vulns

GET, GET by ID, POST, DELETE

/api/fmc_netmap/v1/domain/{domainUUID}/vulns/

Users

Duo Configs

GET, GET by ID, PUT

/api/fmc_config/v1/domain/{domainUUID}/users/duoconfigs/

Deployment Services

Job Histories

GET, GET by ID, PUT

/api/fmc_config/v1/domain/{domainUUID}/deployment/jobhistories

Download Reports

GET

/api/fmc_config/v1/domain/{domainUUID}/deployment/jobhistories/{containerUUID}/operational/downloadreports

Email Reports

POST

/api/fmc_config/v1/domain/{domainUUID}/deployment/jobhistories/{containerUUID}/operational/emailreports

Device Clusters

Threat Defense Cluster Readiness Check

POST

/api/fmc_config/v1/domain/{domainUUID}/deviceclusters/ftdclusterreadinesscheck

Threat Defense Cluster Device Commands

POST

/api/fmc_config/v1/domain/{domainUUID}/deviceclusters/{containerUUID}/operational/ftdclusterdevicecommands

Health Services

Tunnel Statuses

GET

/api/fmc_config/v1/domain/{domainUUID}/health/tunnelstatuses

Tunnel Summaries

GET

/api/fmc_config/v1/domain/{domainUUID}/health/tunnelsummaries

Chassis

Management Center Managed Chassis

GET, GET by ID

/api/fmc_config/v1/domain/{domainUUID}/chassis/fmcmanagedchassis

Network Modules

GET, GET by ID, PUT

/api/fmc_config/v1/domain/{domainUUID}/chassis/fmcmanagedchassis/{containerUUID}/networkmodules

Sync Network Module

PUT

/api/fmc_config/v1/domain/{domainUUID}/chassis/fmcmanagedchassis/{containerUUID}/operational/syncnetworkmodule

Chassis Interfaces

GET, GET by ID

/api/fmc_config/v1/domain/{domainUUID}/chassis/fmcmanagedchassis/{containerUUID}/chassisinterfaces

Device Services

ECMP Zones

GET, GET by ID, PUT, POST, DELETE

/api/fmc_config/v1/domain/{domainUUID}/devices/devicerecords/{containerUUID}/routing/ecmpzones

Virtual ECMP Zones

GET, GET by ID, PUT, POST, DELETE

/api/fmc_config/v1/domain/{domainUUID}/devices/devicerecords/{containerUUID}/routing/virtualrouters/{virtualrouterUUID}/ecmpzones

Packet Tracer

POST

/api/fmc_config/v1/domain/{domainUUID}/devices/devicerecords/{containerUUID}/operational/packettracer

Packet Tracer PCAP

POST

/api/fmc_config/v1/domain/{domainUUID}/devices/devicerecords/{containerUUID}/operational/packettracerpcap

Policy Based Routes

GET, GET by ID, PUT, POST, DELETE

/api/fmc_config/v1/domain/{domainUUID}/devices/devicerecords/{containerUUID}/routing/policybasedroutes

Virtual Policy Based Routes

GET, GET by ID, PUT, POST, DELETE

/api/fmc_config/v1/domain/{domainUUID}/devices/devicerecords/{containerUUID}/routing/virtualrouters/{virtualrouterUUID}/policybasedroutes

VTEP Policies

GET, GET by ID, PUT, POST, DELETE

/api/fmc_config/v1/domain/{domainUUID}/devices/devicerecords/{containerUUID}/vteppolicies

VNI Interfaces

GET, GET by ID, PUT, POST, DELETE

/api/fmc_config/v1/domain/{domainUUID}/devices/devicerecords/{containerUUID}/vniinterfaces

Threat Defense All Interfaces

GET

/api/fmc_config/v1/domain/{domainUUID}/devices/devicerecords/{containerUUID}/ftdallinterfaces

Integration

Dynamic Attributes Feeds

GET, PUT

/api/fmc_config/v1/domain/{domainUUID}/integration/dynamicattributesfeeds

Object

Anyconnect External Browser Packages

GET, GET by ID

/api/fmc_config/v1/domain/{domainUUID}/object/anyconnectexternalbrowserpackages

Bulk Dynamic Objects

POST

/api/fmc_config/v1/domain/{domainUUID}/object/bulkdynamicobjects

Extended Community Lists

GET, GET bi ID, GET overrides, GET overrides by ID, OUT, POST, DELETE

/api/fmc_config/v1/domain/{domainUUID}/object/extendedcommunitylists

Packet Tracer PCAP List

GET

/api/fmc_config/v1/domain/{domainUUID}/object/packettracerpcaplist

Packet Tracer PCAP Upload

POST

/api/fmc_config/v1/domain/{domainUUID}/object/packettracerpcapupload

Updates

Revert Upgrades

POST

/api/fmc_platform/v1/updates/revertupgrades

New Methods for existing endpoints

Table 2. New Methods for Existing Endpoints: these provide additional functionality for existing endpoints

Name

Methods

URL

Device Clusters

Threat Defense Device Cluster (existing)

PUT, POST, DELETE

/api/fmc_config/v1/domain/{domainUUID}/deviceclusters/ftddevicecluster/{objectId}

Device Services

BGP

PUT, POST, DELETE

/api/fmc_config/v1/domain/{domainUUID}/devices/devicerecords/{containerUUID}/routing/bgp

BGP General Settings

PUT, POST, DELETE

/api/fmc_config/v1/domain/{domainUUID}/devices/devicerecords/{containerUUID}/routing/bgpgeneralsettings

Object

AS Path Lists (existing

PUT, POST, DELETE

/api/fmc_config/v1/domain/{domainUUID}/object/aspathlists

Expanded Community Lists

PUT, POST, DELETE

/api/fmc_config/v1/domain/{domainUUID}/object/expandedcommunitylists

Extended Access Lists

PUT, POST, DELETE

/api/fmc_config/v1/domain/{domain_UUID}/object/extendedaccesslists

IPv4 Prefix Lists (existing)

PUT, POST, DELETE

/api/fmc_config/v1/domain/{domainUUID}/object/ipv4prefixlists

IPv6 Prefix Lists

PUT, POST, DELETE

/api/fmc_config/v1/domain/{domainUUID}/object/ipv6prefixlists

Policy Lists

PUT, POST, DELETE

/api/fmc_config/v1/domain/{domainUUID}/object/policylists

Route Maps

PUT, POST, DELETE

/api/fmc_config/v1/domain/{domainUUID}/object/routemaps

Standard Access Lists

PUT, POST, DELETE

/api/fmc_config/v1/domain/{domainUUID}/object/standardaccesslists

Standard Community Lists

PUT, POST, DELETE

/api/fmc_config/v1/domain/{domainUUID}/object/standardcommunitylists

Enabling the REST API

In management center, the REST API is enabled by default. However, if you are intending to use the REST API, you should confirm that it is enabled.


Note

If you are using UCAPL mode, check that the REST API is not enabled.

Procedure


Step 1

Navigate to System>Configuration>REST API Preferences>Enable REST API

Step 2

Check the "Enable REST API" checkbox.

Step 3

Click "Save". A "Save Successful" dialog will display when the REST API is enabled.


Best Practices

Cisco recommends the following best practices for optimal results with the REST API:

  • Keep UI users and script users separate. Especially do not use the admin account as an API user.

  • Do not give script users more privilege than needed.

  • Always validate the content coming from the server.

  • Validate/sanitize JSON content, as it may include embedded executable code.

  • If you are using CC or UCAPL mode you should disable REST API access to the management center and managed devices.